Solved

Checkpoint and ISA design

Posted on 2010-08-20
2
438 Views
Last Modified: 2013-11-16
Hi,

I have a checkpoint firewall and ISA 2004 server and I want to implement a front end backend design.

I was think of putting CP External facing Internet and ISA as the backend,

ISA-------CP--------Internet

Any advice of on this ?
0
Comment
Question by:skywalker101
2 Comments
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 33487973
Either way works well here as the external firewall, however, I tend to prefer the CP FW on the perimeter and ISA on the inside.

Although ISA is a good firewall in itself, I prefer to use a purpose built firewall on the outside and use ISA on the inside.  You can utilise more of the perimeter protections on CP, like the IPS blade etc

Key things to take into account for traffic and rules is where you are doing NAT.  I would pick either CP or ISA to be the master NAT device as natting on each side does add to confusion when debugging any issues

HTH
0
 

Author Comment

by:skywalker101
ID: 33490657
Yea Checkpoint will be my master natting device as I find there is a lot more functionality with CP over iSA.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question